Free Software Melbourne

16th February 2017

Rosie Williams @Info_Aus

Snitch Hunt Play Testing

https://whistleblower.network/snitch/index.php

and

Bits and Bytes of Gnews
Hosting (of various kinds) provided by:

System Saviour Ben Sturmfels Electron Workshop

Gnews :: Things to do

Stop Stingray Surveillance

  • surveillance devices that can suck up sensitive, personal info in our cell phones
  • implement safeguards protecting innocent individuals
  • respect our reasonable expectation of privacy, as protected under Article 12 of the Universal Declaration of Human Rights
  • petition

Open Media Survey

  • protect and expand the possibilities of the open Internet
  • Survey

Batman Begins ... Late

  • 48 days is how long Australians need to wait for the Lego Batman Movie to be released
  • film was made in Australia but we will be one of the last countries in the world to watch it legally
  • Campaign

Gnews :: Free Culture

Looking Down a Wide Open Road: OpenStreetView

  • One place that Google Maps has always had OpenStreetMap beat, though, is Google Street View
  • Telenav, one of OSM's major supporters, has now launched a new project dubbed OpenStreetCam
  • Not official & not all of the components in the OpenStreetCam toolkit are open source (that's being worked on)
  • if you're OK with a little bit of closed-source code running here and there (and specific ODB2 hardware) you can contribute imagery to OpenStreetCam, which will publish it under a creative commons CC-BY-SA licence
  • provides the software to create, upload and host your own street view imagery
  • fiddly to set up and get working
  • map
  • Melbourne (No OBD2 option?)
  • Article

The Metropolitan Museum of Art Makes 375,000 Images Available

  • Our comprehensive and diverse museum collection spans 5,000 years of world culture and our core mission is to be open and accessible for all who wish to study and enjoy the works of art in our care
  • There is also a public GitHub repository of the images
  • Announce

GPS Space Weather Data Made Publicly Available

  • 16 years worth of radiation measurements from GPS satellites
  • The GPS data, which dates from December 2000, fill a hole in studies of space weather
  • Article

Wikimedia Foundation Nabs $3 Million Grant To Improve Accessibility of Free Commons' Content

  • from the Alfred P. Sloan Foundation
  • three-year mission to link assets on Wikimedia Commons with Wikidata, the organization's crowdsourced knowledge base
  • make it easier for third-party bodies to donate content to Wikimedia Commons while automatically including existing metadata, bypassing the need to manually label media
  • Article

Node.js's npm Is Now The Largest Package Registry

  • second is Apache Maven
  • In the preceding four weeks, users installed 18 billion packages (66 percent from cache)
  • Article

Microsoft Joins the Linux Foundation as Platinum Member

  • better able to collaborate with the open source community to deliver transformative mobile and cloud experiences
  • Google is joining the .NET Foundation
  • SQL Server on linux is here
  • MS surrender: http://www.computerworld.com/article/3144063/open-source-tools/open-source-has-won-and-microsoft-has-surrendered.html
  • Microsoft actually uses a lot of Linux in-house
  • This isn’t Bill Gates’ or Steve Ballmer’s Microsoft. This is Nadella’s Microsoft, and he wants to work with others
  • Open source has won, and Microsoft wants to be on the winning side
  • Article

Microsoft Adds Intel's Clear Linux Open-Source OS To Azure Market

  • Azure is the first public cloud provider to offer Clear Linux
  • Article

Windows 10 Gets A New Linux: openSUSE

  • how to run openSUSE Leap 42.2 and SUSE Linux Enterprise Server 12 SP2 on Windows 10,
  • Currently it's Ubuntu that's enabled by default in the Windows Subsystem for Linux, although there's already a project on GitHub that also lets you install Arch Linux https://linux.slashdot.org/story/16/10/05/1510203/new-project-lets-you-install-arch-linux-in-the-windows-subsystem-for-linux
  • "It's quite unfortunate that Microsoft enabled the wrong Linux (that's my personal opinion) by default within the Windows Subsystem for Linux (WSL)," writes Kuhnemund, "and it is time to change it to the real stuff"
  • Blog and Article

Lawyer Rewrites Instagram's Privacy Policy So Kids and Parents Can Have a Meaningful Talk About Privacy

  • not only the kids but their parents are able to understand what things are at stake
  • Other people might pay us to use them and [we will not pay you for that]
  • adverts connected to your interests which we are monitoring. [You cannot stop us doing this and it will not always be obvious that it is an advert]
  • Article

Gnews :: Licencing & Open Standards

W3C at Crossroads: Standards Setter or Arms Dealer

  • Encrypted Media Extensions
  • Compromise: Members could still sue over copyright infringement, tortious interference, theft of trade secrets, etc -- they just couldn't sue over breaking DRM where none of these other things had taken place
  • broadest-ever support for this compromise
  • Article

Google Quietly Makes 'Optional' Web DRM Mandatory In Chrome

  • Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled
  • Article, Article and Bug report

Apple Seeks To Position Metal as Part of New 3D Graphics Standard For Web

  • focus on developing a new standard API, perhaps based on Metal, for accelerating GPU-based 3D graphics and general computation
  • Unfortunately, the new graphics APIs contain nuanced architectural differences and are not available across all platforms, making them unsuitable for wide implementation on the web
  • Apple's WebKit team is proposing an initial API dubbed "WebGPU."... WebGPU started life as a mapping of Metal to JavaScript
  • Article

RethinkDB Resurrected

  • went out of business in October 2016
  • Cloud Native Compute Foundation (CNCF) today announced that it has acquired the RethinkDB copyright and assets, including its code, and contributed it to The Linux Foundation.
  • CNCF says it paid $25,000 to complete this transaction
  • Article

Three States Propose DMCA-Countering 'Right To Repair' Laws

  • Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics
  • three states Nebraska, Minnesota, and New York introduced Right to Repair legislation
  • These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops.

Free Software Foundation Shakes Up Its List of Priority Projects

  • announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development
  • FSF will continue financially supporting Replicant
  • supporting projects to create a free software replacement for Skype
  • now also prioritizing various projects to replace Siri
  • other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software
  • Article

Do Android Users Still Use Custom Roms?

  • Apparently so, but not Replicant yet it seems
  • Article

Gnews :: Open Hardware / Firmware

Your Car Will be Recalled in 2017 Thanks to Poor Security

  • Drumming up security work?
  • It may be that attackers will target automakers in the future in the quest for a "ransom" of sorts
  • up to companies to have an established patch system in place to make updating vehicle firmware and embedded software as painless as possible
  • Article

Who's Responsible For Accidents Caused By Open Source Self-Driving Car Software

  • You could download Comma.ai's new open-source Python code from Github, grab the necessary hardware, and follow the company's instructions to add semi-autonomous capabilities to specific Acura and Honda model cars" But then who's legally responsible if there's an accident
  • even if the person who used the software could not sue, a third party injured by it might be able to since they are not a party to the license agreement
  • Article

Raspberry Pi Upgrades Compute Module With 10 Times the CPU

  • The upgrade announced today has 1GB of RAM and a Broadcom BCM2837 processor that can run at up to 1.2GHz
  • twice the RAM and roughly ten times the CPU performance of the original Compute Module
  • more flexible storage options than the original
  • Article and Announce

HiFive 1, the first Open Hardware Microcontroller

  • pin spacing is just as stupid as it's always been, and there is support for a few Adafruit shields
  • HiFive 1 supports 3.3 and 5V I/O
  • Arduino Uno and Leonardo have 32 kilobytes of Flash, while the HiFive 1 has sixteen Megabytes of Flash
  • only other chip of note on the board is the FTDI FT2232HL, a well-supported but most certainly not Free and Open Source USB to UART chip
  • a bare-metal SDK and support for the Arduino IDE
  • For Linux users, the getting started guide is more than sufficient, although it will take quite a while (at least 30 minutes) to build all the tools
  • Article and Store

OpenELEC 7.0 Linux Distribution Now Available For PC and Raspberry Pi

  • minimize the overhead and maximize the power of the hardware
  • OpenELEC 7.0 release contain a Kodi major version bump
  • OpenELEC 7.0 supports the WeTek Core media box making the best Android TV box
  • Bluetooth Audio support
  • OpenVPN reincluded
  • Article

Gnews :: Releases

Chrome Browser for iOS

  • enabling the code to be part of Google’s Chromium browser project
  • after years of refactoring to cleanly separate WebKit from the Chrome for iOS code, the Chrome for iOS code is rejoining Chromium
  • the iOS build is more complicated than the desktop build
  • Article

Hyper Is a Terminal Emulator Built Using JS/HTML/CSS

  • create a beautiful and extensible experience for command-line interface users, built on open web standards
  • The terminal emulator also supports extensions https://uploads.disquscdn.com/images/3af9eed7b9bcb7bd55d1a63e318c3f8a89db1020ba0885543e68ae91cae04f80.gif?w=800&h=329
  • Article and Stie

Linux 4.9 Huge

  • biggest release we've ever had, at least in number of commits
  • Raspberry Pi Zero, plus another 28 ARM-powered devices
  • Vmapped stacks, memory protection keys
  • virtual displays from GPUs
  • Article

Linux 4.10 Tiny

  • a total of 26 changes
  • "RC2 is ridiculously and unrealistically small," said
  • Article

Linux 3.18 Dead (Reaches End of Life)

  • Linux kernel 3.18.48 LTS is here and it's the last in the series
  • "If you are stuck on 3.18 (/me eyes his new phone), well, I might have a plan for you, that first involves you yelling very loudly at your hardware vendor and refusing to buy from them again unless they cut this crap out. After you properly vent to them, drop me an email and let's see what we can come up with, you aren't in this sinking ship alone, and it's obvious your vendor isn't going to help out," said Greg Kroah-Hartman
  • Article and Mailing list

Embedding Projector is an Open Source Project

  • standalone version at projector.tensorflow.org, where users can visualize their high-dimensional data without the need to install and run TensorFlow
  • navigate through views of data in either a 2D or a 3D mode, zooming, rotating, and panning using natural click-and-drag gestures Article, Docs and Paper

"Updated, More Modern" FreeDOS 1.2

  • new installer, easier to connect to a network
  • more tools and games, and a few graphical desktop options including OpenGEM
  • "If you've followed FreeDOS, you know that we don't have a very fast release cycle, We just don't need to; DOS isn't exactly a moving target anymore..."
  • Announce and Site

Python 3.6 Released

  • async in more places, speed and memory usage improvements, and pluggable support for JITs, tracers, and debuggers.
  • DTrace and SystemTap, brings a secrets module to the standard library [to generate authentication tokens],
  • new string and number formats, and adds type annotations for variables
  • Announce

HandBrake Video Transcoder, has hit version 1.0.0

  • affter spending roughly more than 13 years in development. HandBrake 1.0.0 brings tons of new presets and support for more devices and file types.
  • title/chapter selection, queuing up multiple encodes, chapter markers, subtitles, different video filters, and video preview
  • Announce and Download

Postal, by Running With Scissors, Is Now Open Source

  • open sourcing the original version of its most popular title-Postal, which was released back in 1997
  • published the code for the game on Bitbucket under the GPL2 license and further said that it is entrusting the fans with the fate of its game. "Anyone with the time and skills can now tweak/change/update/modify anything in the game at all!"
  • Announce and Code

LibreOffice 5.3 Released

  • Document Foundation describes LibreOffice 5.3 as "one of the most feature-rich releases in the history of the application."
  • MUFFIN interface project
  • Keyboard shortcuts appear in context menus
  • Emoji support
  • Preview option in Styles & Formatting sidebar
  • interoperability tweaks
  • first source release of LibreOffice Online
  • Article

KDE Plasma 5.9 Released

  • return of Global Menus
  • ability to take screenshots, support for using the color picker, implementation of borderless maximized windows for full-screen support, and support for dragging apps by clicking on an empty area of the user interface using the Breeze style
  • Wayland users can also set up gestures and relative motions.
  • drag a screenshot taken with the Spectacle utility from the notification pop-up straight into a web browser form, chat window, or email composer
  • Announce and Download

Wine 2.0 Released

  • 6,600 bugs have been patched,
  • support for Microsoft Office 2013 and 64-bit application support on macOS
  • improvements to font metrics resolution -graphics cards and support for Direct3D 11
  • Article and Announce

D-Wave Open Sources Its Quantum Computing Tool

  • qbsolv is a metaheuristic or partitioning solver that solves a potentially large QUBO problem (Quadratic unconstrained binary optimization - pattern matching) by splitting it into pieces that are solved either on a D-Wave system or via a classical tabu solver
  • “D-Wave is driving the hardware forward,” says D-Wave International president Bo Ewald. “But we need more smart people thinking about applications, and another set thinking about software tools.”
  • Qbsolv offers a tool that can make this impact graphically visible
  • Article and Code

Gnews :: Security & Privacy & DRM

CII & Google Debuts Continuious Fuzzer for Open Source

  • OSS-Fuzz, currently in beta mode, is designed to help unearth programming errors in open source software via fuzz testing
  • Announce: https://security.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html?m=1
  • developed with help from the Core Infrastructure Initiative
  • identified bugs in projects pcre2, libchewing and FFmpeg so far
  • eg libyaml: 17 billion testcases against the library in under a day, according to Gaynor, roughly 30 days of CPU time
  • The program will file any bugs it discovers privately and leave a comment when it thinks a crash has been fixed. It makes the bug public seven days after it’s been fixed
  • large user base projects only
  • Article

Bypass Authentication by Holding Down the Enter Key for 70 Seconds

  • in the way the Cryptsetup utility handles password failures for the decryption process
  • if you enter a blank password 93 times you gain access to a root initramfs (initial RAM file system) shell
  • can also be Exploited Remotely
  • patch is already available
  • Article and Announce

Android's Source Code... // TODO – Finish file encryption later

  • storage encryption in Android Nougat (7.0)
  • Android devices keep their cryptographic keys in memory,.. But keeping crypto keys in memory is not very secure
  • "there is no unambiguous way for Android to tell applications when the system has been re-locked."
  • includes a TODO comment as a placeholder for the lines of C++ that, someday, will evict encryption keys from memory
  • Article

EFF: Dear Tech, Delete Your Logs Before it's too Late

  • EFF has run a full-page ad in this month's Wired under the banner "Your threat model just changed,"
  • incoming administration has vowed to spy on and deport millions of their fellow Americans
  • Article

Consumers are Terrible at Updating Their Devices

  • Canonical surveyed 2000 consumers to better-understand their relationship with their connected devices
  • only 31% of consumers that own connected devices perform updates as soon as they become available
  • 40% of consumers have never consciously performed updates on their devices
  • Of those polled, nearly two thirds felt that it was not their responsibility to keep firmware updated. 22% believed it was the job of software developers, while 18% consider it to be the responsibility of device manufacturers
  • we need to actively ban the dreaded ‘default password’, as Canonical has done with Ubuntu Core 16
  • solutions to IoT security proposed today involve either mitigating security issues after-the-fact, or living in a world where IoT security problems are the accepted norm. This should not and cannot be the case
  • Article

Lavabit Is Relaunching

  • with a new architecture that fixes the SSL problem and includes other privacy-enhancing features
  • obscures the metadata on emails
  • announcing plans to roll out end-to-end encryption later this year
  • Announce and Site

Encrypted Email is Still a Pain in 2017

  • something which was first introduced over 25 years ago, is still difficult to setup and use for even reasonably tech savvy people.
  • Article

More People Than Ever Are Using DuckDuckGo; Site Says It Observed 14M Searches in One Day This Month

  • people are more privacy aware than they have been in the past
  • the number of searches skyrocketing since 2013, when Edward Snowden first revealed how the US government was spying on its people
  • it has to date served up over 10 billion anonymous searches,
  • Article

Australia Plans Biometric Border Control

  • $100m budget and looking for technology companies that could provide biometric systems, such as facial, iris and fingerprint recognition
  • "Biometrics are now going in leaps and bounds, and our ability to harness the power of big data is increasing exponentially," Mr Coyne told the Sydney Morning Herald.
  • The department of border security hopes to pilot the "Seamless Traveller" project in Canberra this summer
  • Article

FBI Will Revert To Using Fax Machines, Snail Mail For FOIA Requests

  • no longer accept Freedom of Information Act (FOIA) requests via email
  • Given that email has worked well for millions of requests over the years, this seems like a move designed to reduce participation and transparency, and we hope that the FBI will reverse course
  • Article

Gnews :: Distro News

Linux.com Announces The Best Linux Distros for 2017

  • sysadmins : Parrot Linux
  • lightweight distribution: LXLE
  • desktop distribution: Elementary OS
  • IoT: Snappy Ubuntu Core
  • non-enterprise server distribution: CentOS
  • enterprise server distribution: SUSE
  • Gentoo for "Best distribution for those with something to prove,"
  • Article

LinuxQuestions Users Choose Their Favorite Distro: Slackware

  • On DistroWatch, Slackware comes in 28th place
  • Firefox took first place with 51.7 percent of the vote
  • LibreOffice won a whopping 89.6% of the vote for "best office suite"
  • Article

Fedora 25

  • .exe installer to download instead of the customary ISO
  • installs the Fedora Media Writer
  • GNOME 3.22, Security Enhanced Linux kernel by default
  • Wayland instead of good old X11 by default
  • Article

Ubuntu 17.04 Swaps Swap Partitions for Swap Files

  • “makes little sense” on systems where memory isn’t limited
  • Sizing of swap files is different to the swap partitions
  • some form of swap is maintained
  • Article

Debian 8.7 Released

  • does not constitute a new version of Debian 8 but only updates some of the packages included
  • reworks, fixes and patches
  • Announce and Download

Tails 3.0 Will Drop 32-Bit Processor Support

  • upcoming version 3.0 of the operating system is dropping 32-bit processor support
  • 2016, only 4% of Tails users were still using a 32-bit computer
  • We would rather see them spend their time in ways that benefit our users on the long term, and not on problems that will vanish when Tails switches to 64-bit eventually
  • Article

OPNsense 17.1 Released,

  • re-bases to using FreeBSD 11.0,
  • SSH remote installer,
  • language support,
  • hardening features used from HardenedBSD
  • plugins: FTP Proxy, Tinc VPN, and Let's Encrypt support
  • Announce and Article

Oracle Scraps Plans For Solaris 12

  • Solaris 12 has been removed from Oracle roadmaps
  • instead mentioning 'Solaris 11.next' as due to debut during this year or the next
  • Article and Roadmap

Gnews :: The Good, The Bad and The Ugly

  • nod to URL language
  • font for the wordmark and accompanying copy lines is Zilla, Selected to evoke the Courier font
  • Blog, Article and Video

Mozilla Moz://a Releases New Open Source 'Internet Health Report'

  • combining research and reporting from multiple sources
  • goal is to start a constructive discussion about the health of the internet by exploring what is currently healthy and unhealthy
  • 57.8% of the world's population cannot afford broadband internet, and 39.5% cannot afford an internet connection on their mobile device
  • 51 intentional internet shutdowns across 18 countries in the first 10 months of 2016
  • one-third of the world's population has no data protection rights;
  • 52% of all websites are in English, even though only 25% of the global population understands the language
  • Report

Firefox 52 Borrows One More Privacy Feature From the Tor Browser

  • that prevents websites from fingerprinting users using system fonts
  • only returning a list of "default fonts" per each OS
  • Article

Mozilla Moz://a Binds Firefox's Fate To The Rust Language

  • After version 53, Firefox will require Rust to compile successfully
  • "The advantage of using Rust is too great," according to maintainer Ted Mielczarek
  • Article and Bug report

Layoffs Kill Mozilla's Moz://a's Push Beyond the Browser

  • it is eliminating the team tasked with bringing Firefox to connected devices
  • ~ 50 people
  • Article